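Usage examples for the constructor of org.apache.http.conn.ssl.DefaultHostnameVerifier. Note that the verifier only checks that the presented certificate matches the host name; whether the certificate is trusted at all is decided by the SSLContext that each example builds next to it.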
public DefaultHostnameVerifier()
From source file:com.vmware.photon.controller.common.auth.AuthOIDCClient.java
/**
 * Builds the {@link AfdClient} used to talk to the given domain controller.
 *
 * <p>The client receives a {@link DefaultHostnameVerifier} and an SSL context whose trust
 * strategy accepts every certificate chain.
 *
 * @param domainControllerFQDN host name of the domain controller, passed through to the client
 * @param domainControllerPort port of the domain controller, passed through to the client
 * @return the newly constructed client
 * @throws AuthException if the SSL context cannot be built
 */
private AfdClient setSSLTrustPolicy(String domainControllerFQDN, int domainControllerPort)
        throws AuthException {
    // NOTE(review): this strategy returns true for any chain, so the peer certificate is never
    // checked against a trust store. The host name verifier then only compares names on a
    // certificate nobody vouched for. Loading the controller's CA as trust material instead
    // would let the name check actually authenticate the server.
    final TrustStrategy acceptEveryChain = new TrustStrategy() {
        @Override
        public boolean isTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            return true;
        }
    };

    try {
        return new AfdClient(
                domainControllerFQDN,
                domainControllerPort,
                new DefaultHostnameVerifier(),
                new SSLContextBuilder().loadTrustMaterial(null, acceptEveryChain).build());
    } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException ex) {
        throw new AuthException("Failed to set SSL policy", ex);
    }
}
From source file:org.elasticsearch.xpack.watcher.common.http.HttpClient.java
/**
 * Creates the HTTP client from the node settings.
 *
 * <p>Timeouts, the maximum response size and the proxy are read from {@code settings}. The
 * underlying client is built with an SSL socket factory obtained from {@code sslService}, and
 * its host name verifier is chosen from the configured verification mode.
 *
 * @param settings node settings; the SSL sub-settings are taken from {@code SETTINGS_SSL_PREFIX}
 * @param httpAuthRegistry registry stored for later use by this client
 * @param sslService source of the verification mode and of the SSL socket factory
 */
public HttpClient(Settings settings, HttpAuthRegistry httpAuthRegistry, SSLService sslService) {
    super(settings);
    this.httpAuthRegistry = httpAuthRegistry;
    this.defaultConnectionTimeout = HttpSettings.CONNECTION_TIMEOUT.get(settings);
    this.defaultReadTimeout = HttpSettings.READ_TIMEOUT.get(settings);
    this.maxResponseSize = HttpSettings.MAX_HTTP_RESPONSE_SIZE.get(settings);
    this.settingsProxy = getProxyFromSettings();

    // ssl setup
    final Settings tlsSettings = settings.getByPrefix(SETTINGS_SSL_PREFIX);
    final HostnameVerifier hostnameVerifier;
    if (sslService.getVerificationMode(tlsSettings, Settings.EMPTY).isHostnameVerificationEnabled()) {
        hostnameVerifier = new DefaultHostnameVerifier();
    } else {
        // Host name checks are skipped only when the configured verification mode says so;
        // in that mode a certificate issued for any other host is accepted for this connection.
        hostnameVerifier = NoopHostnameVerifier.INSTANCE;
    }
    final SSLConnectionSocketFactory tlsSocketFactory =
            new SSLConnectionSocketFactory(sslService.sslSocketFactory(tlsSettings), hostnameVerifier);

    client = HttpClientBuilder.create()
            .setSSLSocketFactory(tlsSocketFactory)
            .evictExpiredConnections()
            .setMaxConnPerRoute(MAX_CONNECTIONS)
            .setMaxConnTotal(MAX_CONNECTIONS)
            .build();
}
From source file:io.apiman.manager.api.es.DefaultEsClientFactory.java
/**
 * Applies TLS settings from the factory configuration to the given client builder.
 *
 * <p>Reads the {@code client-keystore}, {@code client-keystore.password}, {@code trust-store}
 * and {@code trust-store.password} entries, initialises a "TLS" context from them, and installs
 * that context with a {@link DefaultHostnameVerifier} for both synchronous and asynchronous
 * calls.
 *
 * @param httpConfig client configuration builder that receives the TLS settings
 * @throws RuntimeException wrapping any failure raised while building the TLS configuration
 */
@SuppressWarnings("nls")
private void updateSslConfig(Builder httpConfig) {
    try {
        String keystoreLocation = getConfig().get("client-keystore");
        String keystoreSecret = getConfig().get("client-keystore.password");
        String truststoreLocation = getConfig().get("trust-store");
        String truststoreSecret = getConfig().get("trust-store.password");

        SSLContext tlsContext = SSLContext.getInstance("TLS");
        Info keystoreInfo = new Info(keystoreLocation, keystoreSecret);
        Info truststoreInfo = new Info(truststoreLocation, truststoreSecret);
        tlsContext.init(
                KeyStoreUtil.getKeyManagers(keystoreInfo),
                KeyStoreUtil.getTrustManagers(truststoreInfo),
                null);

        // The same verifier instance backs both transports, so sync and async calls apply the
        // same host name check.
        HostnameVerifier verifier = new DefaultHostnameVerifier();

        httpConfig.defaultSchemeForDiscoveredNodes("https");
        // for sync calls
        httpConfig.sslSocketFactory(new SSLConnectionSocketFactory(tlsContext, verifier));
        // for async calls
        SchemeIOSessionStrategy asyncStrategy = new SSLIOSessionStrategy(tlsContext, verifier);
        httpConfig.httpsIOSessionStrategy(asyncStrategy);
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}
From source file:com.codedx.burp.security.SSLConnectionSocketFactoryFactory.java
/**
 * Creates a new SSLConnectionSocketFactory with the behavior described in
 * {@link #getFactory(String)}. Instead of returning it, this method registers
 * the factory in the <code>factoriesByHost</code> map and registers the
 * reloadable trust manager built for the host in the
 * <code>customTrustByHost</code> map. The second registration is what makes it
 * possible to find and purge user-accepted certificates on a per-host basis.
 *
 * @param host host the factory is created for; also the key of both registrations
 * @param burpExtender handed to the invalid-certificate dialog strategy
 * @throws IOException declared for the helpers called here
 * @throws GeneralSecurityException if the SSL context cannot be created or initialised
 */
private static void initializeFactory(String host, BurpExtender burpExtender)
        throws IOException, GeneralSecurityException {
    // Certificate management for this host.
    // NOTE(review): the key store password is a literal in the source, so it does not keep the
    // store confidential from anyone who can read the code; protection of the file has to come
    // from filesystem permissions.
    File hostTrustStore = getTrustStoreForHost(host);
    ExtraCertManager extraCerts = new SingleExtraCertManager(hostTrustStore, "u9lwIfUpaN");

    // The stock verifier is shared by the invalid-certificate dialog and by the wrapping
    // verifier created further down.
    HostnameVerifier baseVerifier = new DefaultHostnameVerifier();
    InvalidCertificateStrategy onInvalidCert =
            new InvalidCertificateDialogStrategy(baseVerifier, host, burpExtender);

    // Composite trust manager: the default trust manager is listed first, followed by the
    // reloadable one that lets users accept invalid certificates.
    X509TrustManager systemTrust = getDefaultTrustManager();
    ReloadableX509TrustManager userAcceptedTrust =
            new ReloadableX509TrustManager(extraCerts, onInvalidCert);
    List<X509TrustManager> delegates = new LinkedList<>();
    delegates.add(systemTrust);
    delegates.add(userAcceptedTrust);
    X509TrustManager compositeTrust = new CompositeX509TrustManager(delegates);

    // SSL context backed only by the composite trust manager (no client key material).
    SSLContext tlsContext = SSLContext.getInstance("TLS");
    tlsContext.init(null, new TrustManager[] { compositeTrust }, null);

    // Verifier actually installed on the socket factory; only `host` is in its host set.
    Set<String> permittedHosts = new HashSet<>();
    permittedHosts.add(host);
    HostnameVerifier verifierWithExceptions =
            new HostnameVerifierWithExceptions(baseVerifier, permittedHosts);

    // Register the factory and the reloadable trust manager under `host`.
    factoriesByHost.put(host, new SSLConnectionSocketFactory(tlsContext, verifierWithExceptions));
    customTrustByHost.put(host, userAcceptedTrust);
}
From source file:com.cloudera.nav.sdk.client.SSLUtils.java
/**
 * Chooses the host name verifier for a client configuration.
 *
 * <p>When SSL validation is disabled the result accepts every host name. Otherwise the
 * verifier configured as an override is returned if there is one, and a new
 * {@link DefaultHostnameVerifier} if there is none.
 *
 * @param config client configuration to read the validation flag and the override from
 * @return the verifier to use for connections made with {@code config}
 */
public static HostnameVerifier getHostnameVerifier(ClientConfig config) {
    if (config.isDisableSSLValidation()) {
        // With validation disabled no host name check happens at all, so the server identity
        // is not confirmed; this belongs to test setups rather than production configuration.
        return new NoopHostnameVerifier();
    }
    return config.getOverrideHostnameVerifier() != null
            ? config.getOverrideHostnameVerifier()
            : new DefaultHostnameVerifier();
}
From source file:org.syslog_ng.elasticsearch_v2.client.http.ESHttpsClient.java
/**
 * Picks the host name verifier for the HTTPS client.
 *
 * @param options destination options, evaluated by {@code isSSLInsecure}
 * @return the no-op verifier when the options request insecure SSL, which turns host name
 *     checking off entirely; a new {@link DefaultHostnameVerifier} otherwise
 */
private HostnameVerifier setupHostnameVerifier(ElasticSearchOptions options) {
    return isSSLInsecure(options) ? NoopHostnameVerifier.INSTANCE : new DefaultHostnameVerifier();
}
From source file:com.gargoylesoftware.htmlunit.httpclient.HtmlUnitSSLConnectionSocketFactory.java
/**
 * Creates the socket factory from explicit key and trust material.
 *
 * <p>The SSL context is built from {@code keystore} and {@code truststore}, and host names are
 * checked with a {@link DefaultHostnameVerifier}. The {@code useInsecureSSL} flag is only
 * recorded here; it does not change the context or the verifier built by this constructor.
 *
 * @param keystore client key material
 * @param keystorePassword password for the keys in {@code keystore}
 * @param truststore trust material for validating the server certificate
 * @param useInsecureSSL value stored in {@code useInsecureSSL_}
 * @param supportedProtocols protocol names handed to the superclass
 * @param supportedCipherSuites cipher suite names handed to the superclass
 * @throws NoSuchAlgorithmException if the SSL context cannot be built
 * @throws KeyManagementException if the SSL context cannot be built
 * @throws KeyStoreException if the key or trust material cannot be read
 * @throws UnrecoverableKeyException if a key cannot be recovered from {@code keystore}
 */
private HtmlUnitSSLConnectionSocketFactory(
        final KeyStore keystore,
        final char[] keystorePassword,
        final KeyStore truststore,
        final boolean useInsecureSSL,
        final String[] supportedProtocols,
        final String[] supportedCipherSuites)
        throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException,
        UnrecoverableKeyException {
    super(
            SSLContexts.custom()
                    .loadKeyMaterial(keystore, keystorePassword)
                    .loadTrustMaterial(truststore, null)
                    .build(),
            supportedProtocols,
            supportedCipherSuites,
            new DefaultHostnameVerifier());
    this.useInsecureSSL_ = useInsecureSSL;
}
From source file:eu.eubrazilcc.lvl.core.http.client.TrustedHttpsClient.java
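/**
 * Creates a custom SSL context where clients will trust own CA and self-signed certificates
 * and associates a HTTP client to the context.
 *
 * <p>The trust store is kept in {@code trusted.keystore} under {@code trustStoreDir}. An
 * existing, non-empty store is loaded before the certificate for {@code url} is imported, so
 * that previously imported certificates are kept; otherwise a new empty store is created. The
 * store is written back to disk after the import.
 *
 * @param trustStoreDir directory that holds (or will hold) {@code trusted.keystore}
 * @param password password used to load and to save the trust store
 * @param url passed to {@code importCertificate} together with the trust store
 * @return a HTTP client that will trust own CA and self-signed certificates, or {@code null}
 *     if the client could not be created (the failure is logged, not rethrown)
 */
private static final CloseableHttpClient createHttpClient(final File trustStoreDir, final char[] password,
        final String url) {
    CloseableHttpClient httpClient = null;
    try {
        final File trustStoreFile = new File(trustStoreDir, "trusted.keystore");
        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (trustStoreFile.isFile() && trustStoreFile.length() > 0L) {
            // A KeyStore has to be loaded before entries can be added or the store saved.
            // The earlier code skipped loading when the file already existed, which left the
            // store uninitialised on every call after the first one.
            // Fully qualified so that no additional import is needed.
            try (final java.io.FileInputStream instream = new java.io.FileInputStream(trustStoreFile)) {
                trustStore.load(instream, password);
            }
        } else {
            // create a new, empty trust store (the file itself is created when it is saved below)
            trustStoreDir.mkdirs();
            trustStore.load(null, password);
        }
        // import certificate to trust store
        importCertificate(url, trustStore);
        // save trust store to disk
        try (final FileOutputStream outstream = new FileOutputStream(trustStoreFile)) {
            trustStore.store(outstream, password);
        }
        // trust own CA and all self-signed certificates
        // NOTE(review): TrustSelfSignedStrategy accepts any chain that consists of a single
        // certificate, so a self-signed peer is trusted whether or not it is in the store.
        // Passing null as the strategy would restrict trust to the store's contents.
        final SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
        // allow trusted protocols only
        // NOTE(review): TLSv1 and TLSv1.1 are deprecated protocol versions; consider limiting
        // this list to TLSv1.2 and newer once the target servers are known to support them.
        final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
                new String[] { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" }, null,
                new DefaultHostnameVerifier());
        httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
    } catch (Exception e) {
        LOGGER.error("Failed to create HTTP client", e);
    }
    return httpClient;
}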